Avast WEBforum
Topic started by: wetabax on November 12, 2007, 04:14:43 PM
-
The image below explains better than me. There are 6 now! Almost all other antivirus in www.virustotal.com mark the samples as virus. Avast not. All of them sent by chest with all information needed.
All of them appear in my Thunderbird as message sent.
And silence over the earth.
I really don't know why I paid a 2 years subscription for this software.
-
Hi wetabax,
The chest is a place where malware can do no harm, and you can safely delete the malware if you no longer need the files (some malware infect system files your OS cannot do without). The chest is a place like limbo where malware waits to be sent to the hell of electronic oblivion by you (mostly after a week or two). Probably you understand now that the chest is a kind of malware prison to neutralize malware or a malware detention place on your computer. Every good av does not delete malware right away, because there is no alternative in case of a false positive.
polonus
-
Ok, Mr. Polonus, I will try to explain in my bad English. I collected 6 viruses. VirusTotal is a site that checks these samples, and each of them is considered a virus by almost 15% of the AVs in that service. I sent the viruses via MAPI to avast. The dates I got these viruses are in the image above. I think an AV should renew its scanner engines to detect these files as viruses. Well, avast! did not. Today I exported all 6 files to a temp folder. Scanned the folder, and avast thinks that none of them are viruses. Is it clear now? The first virus I sent is from November 3rd! We are at November 12th!
-
We cannot be on the company side on this matter.
We, the users, will be at the user side.
We aren't fanboys (at least, not I)... how long should we wait for this new submission and detection method?
-
Hi Tech and wetabax,
If the matter is as explained, this should be a matter of concern for the Avast staff that make up the virus signatures. With an av solution there is no place nor time for being sloppy, the consumers depend on swift reaction. On the other hand it is a good thing to have an additional non-resident scanner like DrWeb's CureIt (self-updating) to get the malware that has stayed under the Avast radar, because we do not live in an ideal world as they say. The days that we could rely on just one AV solution and FW are alas long, long gone.
polonus
-
I use VirusTotal when I need to run suspicious files... I've learned in my own sadness...
-
Also by checking files against VirusTotal, samples 'should' be sent to the scanners that haven't detected them. That should be another avenue to get samples to Alwil, but the submission system simply isn't good enough currently. I really look forward to the planned update to the submissions process.
-
I begin to hate all of this. :-X All of them now were sent more than 3 times, IMAP, SMTP, they are at virustotal, everywhere.... but by avast!
-
no comments:
Escaneando os arquivos selecionados
------------------------------------------------------------------------------------------
O programa irá tentar escanear o(s) arquivo(s) 10 selecionado(s) da Quarentena
Mover os arquivos para a pasta temporária: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp
ID do arquivo: 0000000013 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\DSC00129.scr Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\13.scr
ID do arquivo: 0000000017 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\FlashPlayer09.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\17.exe
ID do arquivo: 0000000014 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\FotosZip.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\14.exe
ID do arquivo: 0000000015 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\humor.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\15.exe
ID do arquivo: 0000000023 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\Projeto_vivo.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\23.exe
ID do arquivo: 0000000021 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\Projeto_vivo_report1.jpg Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\21.jpg
ID do arquivo: 0000000022 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\systray.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\22.exe
ID do arquivo: 0000000020 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\systray_report1.jpg Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\20.jpg
ID do arquivo: 0000000019 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\systray_report2.jpg Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\19.jpg
ID do arquivo: 0000000016 Nome original do arquivo: C:\Documents and Settings\Tabax\Desktop\VivoCupidoMSG.exe Nova pasta: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\16.exe
Escanear os arquivos na pasta temporária: C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\13.scr -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\14.exe -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\15.exe\[PECompact] -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\15.exe -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\16.exe -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\17.exe\[PECompact] -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\17.exe -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\19.jpg -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\20.jpg -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\21.jpg -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\22.exe -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\23.exe\[PECompact] -- sem vírus --
C:\DOCUME~1\Tabax\CONFIG~1\Temp\_avast4_\unp213783263.tmp\23.exe -- sem vírus --
------------------------------------------------------------------------------------------
A ação foi completada com sucesso!
-
If any doubt is pending about sent or not sent the samples:
(only a few of the send-receipts)
>> :_CHEST_ANALYZE_:<<
Virus name:
Original file location: C:\Documents and Settings\Tabax\Desktop\DSC00129.scr
Computer name: DELL-DIMC521
Transfer time: 03.11.2007 18:37:03
Modification time: 03.11.2007 18:32:52
Total size: 162598
Comment:
File ID: 13
Category: 2
>> :_CHEST_ANALYZE_:<<
Virus name:
Original file location: C:\Documents and Settings\Tabax\Desktop\FotosZip.exe
Computer name: DELL-DIMC521
Transfer time: 05.11.2007 11:37:33
Modification time: 05.11.2007 11:22:08
Total size: 537088
Comment: comes with a first *.pdf extension that opens Acrobat Reader, but doesn't work - if I delete the pdf extension, it originates the attached exe file
File ID: 14
Category: 2
OS:
Microsoft Windows XP Professional (Build 2600) Service Pack 2
The original name when downloaded is FotosZip.exe.pdf - that claims for Acrobat Reader to open. In my Acrobat Reader it neither runs nor opens - nothing happens. So, I renamed the file, deleting the extension and creating it as FotosZip.exe - and after that, it is a virus. Link to download the file is:
http://www.d1048438.domain.com/photosgallery/
>> :_CHEST_ANALYZE_:<<
Virus name:
Original file location: C:\Documents and Settings\Tabax\Desktop\humor.exe
Computer name: DELL-DIMC521
Transfer time: 07.11.2007 14:47:25
Modification time: 07.11.2007 14:46:40
Total size: 2038272
Comment:
File ID: 15
Category: 2
OS:
Microsoft Windows XP Professional (Build 2600) Service Pack 2
>> :_CHEST_ANALYZE_:<<
Virus name:
Original file location: C:\Documents and Settings\Tabax\Desktop\VivoCupidoMSG.exe
Computer name: DELL-DIMC521
Transfer time: 08.11.2007 20:32:23
Modification time: 08.11.2007 20:31:16
Total size: 392704
Comment:
File ID: 16
Category: 2
OS:
Microsoft Windows XP Professional (Build 2600) Service Pack 2
one more!!! and to inform the first one, from 3/11/2007 still isn't recognized by avast! - 5 days!!! - now, my collection is populated with 4 samples, none of them recognized as virus by avast! - and I paid for this program!!!!
-
i'll suggest this thread to misak, he will take care.. ;)
-
Thanks. Please, post back when it's solved, you or misak.
I'm receiving quite some IM from Brazilian users complaining about misdetections but more from bad (missed) detections of viruses/malware in your country.
-
In virus@avast.com there were 4 emails from you. Without duplicates, 4 files only. Now 3 of them are detected (see scan report below). The last one is HTML page tim_foto2007.com without suspicious scripts.
If you have some other samples that are not detected, please send them to virus@avast.com
*
* avast! Report
* This file is generated automatically
*
* Task 'aswcmd.exe' used
* Started on 20. listopad 2007 12:42:36
* VPS: 071119-1, 20.11.2007
*
CardMsN.exe\[ASPack] [L] Win32:Banload-CVQ [trj] (0)
foto07_euevc.jpg_-_Tipo_-_Imagem_JPEG_.sCR\[PECompact] [L] Win32:Agent-MLS [trj] (0)
vivo.exe [L] Win32:Trojan-gen {Other} (0)
Infected files: 3
Total files: 7
Total folders: 1
Total size: 915,8 KB
*
* Task stopped: 20. listopad 2007 12:42:36
* Run-time was 0 second(s)
*
-
[...]
If you have some other samples, that are not detected, please send it to virus@avast.com
[...]
Well, now the doubt persists. What is better? Send the emails by chest IMAP? Send virus by chest SMTP? Send virus to virus@avast.com? Can anybody give the final word?
-
Sending the emails by chest IMAP or chest SMTP is the same.
Both are better than sending to virus (at) avast.com.
At least, this is what I've read in forums, due to many 'trash' sent directly by email.
-
I don't know what is happening. Now I have my avast! 4.7.1074 and VPS 071122-0 and none of the nine samples I have in my computer are detected by avast. It's absolutely the same if I extract them to a temp folder and then scan or if I scan into CHEST. Result is: no virus in ALL OF THEM.
Something more: checking YOUR list with mine in CHEST, I noted that all these viruses you mentioned are really old samples! After that, I sent a lot of other ones! See image in http://forum.avast.com/index.php?topic=31461.msg262675#msg262675 - you can see that none of the virus names there are the same as the ones you mentioned. So, I only can suppose, that none of the nine samples arrived to avast! - so, again, if I sent them via CHEST as IMAP, as SMTP, and sent them directly to virus@avast.com - do you have any other idea how to make all these 9 viruses arrive to your lab? (I can upload them into my ftp site, for instance, or put them in www.4shared.com, but well, almost unbelievable situation this one, don't you think?)
-
I hope the virus analysts choose an alternate method to check your samples, but do something!
-
The nine virus from yesterday, are still eleven today. All of them with images from the VirusTotal LOG file. If someone is interested in the log files (jpeg) I can send them.
-
Well this is too depressing. Came back here to see what was happening, and I see that the biggest complaint about Alwil is still valid. They cannot balance on the ball... ???
Shame.
-
send the files directly to trs@avast.com in this particular case... i don't know what (and where) did you send, but this should solve your problem... we already detect all the files that we were able to find in virus[at]avast box, just like misak wrote..
-
sent all 11 virus to mentioned address above.
-
today, 4 days after I sent 11 virus, new scan. All 11 files, CLEAN!!! THIS is avast! that protects your computer.
I think avast! didn't realize that the best crackers in the world are Brazilians, producing viruses as they produce good football players. C'mon avast! help us!
-
No excuses...
-
The only excuse I can think of is that someone/something is blocking the emails en route.
Maybe it would be easier / more reliable to upload the samples (compressed to a single archive) to our ftp site.
Cheers
Vlk
-
our ftp site.
Upload them to ftp://ftp.avast.com/incoming (please, note that you won't have READ access to the ftp server, just write - so you won't even be able to see what you've just uploaded).
-
The only excuse I can think of is that someone/something is blocking the emails en route.
Maybe it would be easier / more reliable to upload the samples (compressed to a single archive) to our ftp site.
Cheers
Vlk
Not the fact. I received email from TRS himself, "Thank you for samples. I make string detection today and on Wednesday (after test to avoid false positive alerts) will be distributed. I am sorry for delay, i haven't Internet access during weekend." - so, they received the packet.
-
sorry again for that annoying situation... there are two days without VPS update, if i'm right... detection for your samples is still queued probably.. i will tell you tomorrow when the right VPS comes out..
-
VPS 071129-0 and nothing happens... (check again tomorrow)
-
wetabax, is it possible for you to upload these files somewhere and let some of us take a look?
(e.g. send me/others the link in PM) ...
-
Detection for the samples that you sent me to trs [at] avast [dot] com and uploaded to http://cambur.4shared.com/ is done. Here is the scan log from internal VPS:
*
* avast! Report
* This file is generated automatically
*
* Task 'aswcmd.exe' used
* Started on 30. listopad 2007 8:19:52
* VPS: internal, 30.11.2007
*
C:\Vzorky\urgent\virus.zip.out\amizade.com\[NsPack] [L] Win32:VB-GCA [Wrm] (0)
C:\Vzorky\urgent\virus.zip.out\DSC00129.scr [L] Win32:Agent-NZI [Rtk] (0)
C:\Vzorky\urgent\virus.zip.out\FlashPlayer09.exe\[PECompact] [L] Win32:Banload-DDJ [trj] (0)
C:\Vzorky\urgent\virus.zip.out\FotosZip.exe [L] Win32:Agent-NYY [trj] (0)
C:\Vzorky\urgent\virus.zip.out\humor.exe\[PECompact] [L] Win32:Banker-CWZ [trj] (0)
C:\Vzorky\urgent\virus.zip.out\kl.exe [L] Win32:Banker-CWY [trj] (0)
C:\Vzorky\urgent\virus.zip.out\Projeto_vivo.exe\[PECompact] [L] Win32:Banload-DDK [trj] (0)
C:\Vzorky\urgent\virus.zip.out\systray.exe [L] Win32:Banload-DDL [trj] (0)
C:\Vzorky\urgent\virus.zip.out\VivoCupidoMSG.exe [L] Win32:Delf-GVS [trj] (0)
C:\Vzorky\urgent\virus.zip.out\WLMessagerSecurity.exe [L] Win32:Delf-GVR [trj] (0)
Infected files: 10
Total files: 17
Total folders: 1
Total size: 15,2 MB
*
* Task stopped: 30. listopad 2007 8:19:53
* Run-time was 1 second(s)
*
File total.recorder.v5-patch.exe is a keygen for the application and is infection-free.
The VPS update will be distributed today.
-
Thanks misak!
-
:) Thank you, avast!... This "soap opera" finally ended. I hope I never need to see another story like this. :-\ - THE END!